From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-user+bounces-187629-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by finch.gentoo.org (Postfix) with ESMTPS id A98CE138334
	for <garchives@archives.gentoo.org>; Wed, 17 Jul 2019 23:39:03 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id 244A1E0829;
	Wed, 17 Jul 2019 23:38:57 +0000 (UTC)
Received: from mail-ot1-x32d.google.com (mail-ot1-x32d.google.com [IPv6:2607:f8b0:4864:20::32d])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by pigeon.gentoo.org (Postfix) with ESMTPS id B52A1E0817
	for <gentoo-user@lists.gentoo.org>; Wed, 17 Jul 2019 23:38:56 +0000 (UTC)
Received: by mail-ot1-x32d.google.com with SMTP id j11so2749271otp.10
        for <gentoo-user@lists.gentoo.org>; Wed, 17 Jul 2019 16:38:56 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to;
        bh=p4Qlg1iBs0LWmNN9zZX8KERlmkluKmb5s7TeBGYfCbg=;
        b=JmoHu4EWBYJucPLaWeGGkRKz3aFtssDDzpckKRld9OOgH39GlOGPgcoUExXkhiCZCN
         Ml7XZOprWcE3Qdn8oHm7cmRTSgeadrgPFnMNEUnatSeQv6e4TtiOgoX3sek4r1AIuxH1
         Eip5VuGlCAYpQHrgZQuyff5VEqAFadhMq6qyLy2OZNX3Yrsr87QWE2SBPYz9UJnTD301
         j8dpGaCbKTUTdnWVZb/kPwuI/K6ziCGQ5aG9htbgz5pqanRjZ3XP5wP4HXuNJCf+c+nu
         ClnMYgInQ3NfIha6s0ZTHK6U4jbDvsp/Obt4Szw++py5OeB2pUJqRV6Kqgor+j7fq4j/
         X6+Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to;
        bh=p4Qlg1iBs0LWmNN9zZX8KERlmkluKmb5s7TeBGYfCbg=;
        b=hwOjiILXnupe559AdWej7RzDm0urwFN/NOgdOXhxKgQUS8AVblBYHHsH8sBjRGszLA
         XKx0QhyewPN8cTVpEIV7DpN20PQT2yrZ2/ah10Jxb5QBjGNd+XIKO/YUputHGUABvxwW
         mb2rI7/hlnT24P+TIY0qMZS1xQNLj8ktSh7oznOAY3+iBZeRNv/YAHuPvhFlU5DDsw2J
         lqsIM8h1skJbJtQiylc+QxMm06mdvfZg87nfgl4RnD1ILgTsAhg3x3RlUEHy5P8F11Lc
         V0PnWKHybGltp0nPB8FLidQ1Uf5GmaJRK2l/HGYa6i1ngF/+NuaVEOwrrfdPsIzDdTXs
         1gDA==
X-Gm-Message-State: APjAAAVMx1ccKh7tM0Z5WYyRVG0aS8VkIp+/ktCF53IHN8vtWRrfEb6I
	2KHkB6B/7zu2vZJc+VZ8Rgj5FMkP0SvthtmkOnE1uxrF
X-Google-Smtp-Source: APXvYqyzXqRQYopxt6R7QBzPyL9ulQac7WBxfvFnnp3oaE3pmRcVsAk0QeYd7NCsRM/QpxIRWqJwwS0bfb18cwn34pM=
X-Received: by 2002:a9d:6014:: with SMTP id h20mr330320otj.210.1563406735529;
 Wed, 17 Jul 2019 16:38:55 -0700 (PDT)
Precedence: bulk
List-Post: <mailto:gentoo-user@lists.gentoo.org>
List-Help: <mailto:gentoo-user+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-user+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-user+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-user.gentoo.org>
X-BeenThere: gentoo-user@lists.gentoo.org
Reply-to: gentoo-user@lists.gentoo.org
X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply
MIME-Version: 1.0
References: <ZK3SOP73.6YO66WMV.YNJMSMQX@WSQODLVE.QGFFK3PZ.DREWN4SR>
 <21714265.1ZXtKVbesA@localhost> <fda97826-df7f-fdd8-65d7-2a8d1bf7bf5d@charter.net>
 <2145688.70jHgKrVLc@localhost>
In-Reply-To: <2145688.70jHgKrVLc@localhost>
From: Adam Carter <adamcarter3@gmail.com>
Date: Thu, 18 Jul 2019 09:38:44 +1000
Message-ID: <CAC=wYCECFLrsMfsaKF-SZAPYPwBPSgvG1jWc24Nh7BTDue-MTg@mail.gmail.com>
Subject: Re: [gentoo-user] AMD microcode updates - where are they?!
To: gentoo-user@lists.gentoo.org
Content-Type: multipart/alternative; boundary="0000000000001c5f90058de8ff5f"
X-Archives-Salt: 67d71681-ed40-4dd7-b1d6-3344ee6323be
X-Archives-Hash: 223a17004855546adf722beb6b93b763

--0000000000001c5f90058de8ff5f
Content-Type: text/plain; charset="UTF-8"

>
> Hmm ... My last line looks the same like Rich's, but different to yours:
>
> # cat /sys/devices/system/cpu/vulnerabilities/spectre_v2
> Mitigation: Full AMD retpoline, STIBP: disabled, RSB filling
>
> I don't have IBPB mentioned in there at all.  I'm on
> gentoo-sources-4.19.57.
> Are you running a later kernel?
>
> According to this article a microcode update seems to be necessary, but
> I'm
> not sure if this statement only applies to Intel CPUs:
>
>
> https://access.redhat.com/articles/3311301#indirect-branch-prediction-barriers-ibpb-10
>
>
My piledriver output from an old 4.19 has IBPB, so given that redhat info,
it looks like you do have old microcode. I don't pass anything via the
kernel command line, as I assume the defaults are good.

$ cat kern-4.19.7-vuln.txt
/sys/devices/system/cpu/vulnerabilities/l1tf:Not affected
/sys/devices/system/cpu/vulnerabilities/meltdown:Not affected
/sys/devices/system/cpu/vulnerabilities/spec_store_bypass:Mitigation:
Speculative Store Bypass disabled via prctl and seccomp
/sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: __user
pointer sanitization
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full AMD
retpoline, IBPB: conditional, STIBP: disabled, RSB filling

FWIW
$ md5sum /lib/firmware/amd-ucode/microcode_amd_fam15h.bin
3bdedb4466186a79c469f62120f6d7bb
 /lib/firmware/amd-ucode/microcode_amd_fam15h.bin

--0000000000001c5f90058de8ff5f
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div class=3D"gmail_quote"><blockquote class=3D"gmail_quot=
e" style=3D"margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204)=
;padding-left:1ex">
Hmm ... My last line looks the same like Rich&#39;s, but different to yours=
:<br>
<br>
# cat /sys/devices/system/cpu/vulnerabilities/spectre_v2<br>
Mitigation: Full AMD retpoline, STIBP: disabled, RSB filling<br>
<br>
I don&#39;t have IBPB mentioned in there at all.=C2=A0 I&#39;m on gentoo-so=
urces-4.19.57.=C2=A0 <br>
Are you running a later kernel?<br>
<br>
According to this article a microcode update seems to be necessary, but I&#=
39;m <br>
not sure if this statement only applies to Intel CPUs:<br>
<br>
<a href=3D"https://access.redhat.com/articles/3311301#indirect-branch-predi=
ction-barriers-ibpb-10" rel=3D"noreferrer" target=3D"_blank">https://access=
.redhat.com/articles/3311301#indirect-branch-prediction-barriers-ibpb-10</a=
><br>
<br></blockquote><div><br></div><div>My piledriver output from an old 4.19 =
has IBPB, so given that redhat info, it looks like you do have old microcod=
e. I don&#39;t pass anything via the kernel command line, as I assume the d=
efaults are good.<br></div><div><br></div><div> $ cat kern-4.19.7-vuln.txt<=
br>/sys/devices/system/cpu/vulnerabilities/l1tf:Not affected<br>/sys/device=
s/system/cpu/vulnerabilities/meltdown:Not affected<br>/sys/devices/system/c=
pu/vulnerabilities/spec_store_bypass:Mitigation: Speculative Store Bypass d=
isabled via prctl and seccomp<br>/sys/devices/system/cpu/vulnerabilities/sp=
ectre_v1:Mitigation: __user pointer sanitization<br>/sys/devices/system/cpu=
/vulnerabilities/spectre_v2:Mitigation: Full AMD retpoline, IBPB: condition=
al, STIBP: disabled, RSB filling</div><div><br></div><div>FWIW</div><div>$ =
md5sum /lib/firmware/amd-ucode/microcode_amd_fam15h.bin<br>3bdedb4466186a79=
c469f62120f6d7bb =C2=A0/lib/firmware/amd-ucode/microcode_amd_fam15h.bin<br>=
</div></div></div>

--0000000000001c5f90058de8ff5f--